[SECURITY] Fedora 35 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc35
Protoc plugin to generate polyglot message validators...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.0.1) +71 more potentially affected by CVE-2022-28347 via django (>=3.2.0 <=3.2.12)
django (PyPI) version =3.2.0, =1.0.1a0, =2.0.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =6.4.1 - coldfront =1.1.0 - common-framework =2021.4.1 - directory-validators =9.0.0 and more. Source CVEs: CVE-2022-28347. Source advisory: OSV:GHSA-W24H-V9QH-8GXJ...
Frourio input validation error vulnerability
Frourio is a fast and type-safe full-stack framework for TypeScript. frourio is vulnerable to an input validation error, which stems from the failure of the validator in the product validators/ directory to validate input data, and could be exploited to cause the validator to not work properly fo...
Expression Language Injection in Netflix Conductor
Netflix Conductor uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...
Improper Input Validation
frourio is vulnerable to improper input validation. The vulnerability exists due to improper input validation within the class-validator function through the validators/ folder in the index.ts file, which allows an attacker to bypass security...
Frourio-express input validation error vulnerability
Frourio-express is a fast and type-safe full-stack framework for TypeScript. An input validation error vulnerability exists in Frourio-express, which stems from the validator in the product validators/ directory not validating input data. The following products and versions are affected:...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), apis-ampel (=0.1.0) +57 more potentially affected by CVE-2022-22818 via django (>=3.2.0 <=3.2.11)
django (PyPI) version =3.2.0, =1.0.1a0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =0.0.1, =0.0.14 - django-blocklist =1.0.0 - django-brazilian-zipcode =0.1.0 - django-cachalot =2.4.0 and more. Source CVEs: CVE-2022-22818. Source advisory: OSV:PYSEC-2022-19...
Cronos security vulnerability
Cronos is the Crypto.org EVM chain, designed to massively scale the DeFi ecosystem. Cronos suffers from a security vulnerability that stems from the fact that in Cronos nodes running versions prior to v0.6.5, it is possible to collect transaction fees for the current block from the Cosmos SDK's...
CVE-2021-42766
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a protocol stall, or an...
GHSA-VJ62-G63V-F8MF Validity check missing in Frontier
Impact In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of this to put invalid transactions into a block...
CVE-2021-41138
CVE-2021-41138 concerns Frontier, Substrate’s Ethereum compatibility layer. A signed Frontier-specific extrinsic for pallet-ethereum caused many validation checks to run only during transaction pool validation, not during block execution, allowing malicious validators to include invalid transacti...
CVE-2021-41138 Validity check for signed Frontier-specific extrinsic not called in block execution
Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...
Cannot actually submit evidence
Handle: jmak. Vulnerability details / Impact: The SubmitBadSignatureEvidence message is not actually registered in the handler, so no one can submit this message, rendering it useless. This harms the security model of Gravity since...
CVE-2017-18113
The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator into importing their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for...
GHSA-P99V-5W3C-JQQ9 Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validate_ipv4_address and...
PYSEC-2021-99
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validate_ipv4_address and...
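Why a leading zero matters for the two Django advisories above (GHSA-P99V-5W3C-JQQ9 / PYSEC-2021-99): a validator that reads "012" as decimal 12 accepts the string and an IP-based allow/deny check then evaluates 12.0.0.1, but the C library's inet_aton() reads a leading 0 as octal, so the connection actually goes to 10.0.0.1. The added example below is illustrative code written for this page, not Django's validators; the lenient and strict patterns, the blocklist and the sample addresses are all constructed for the demonstration. The resolver_view() call relies on the platform inet_aton() accepting octal octets, which glibc and the BSD libcs do.

```python
import ipaddress
import re
import socket

# Constructed blocklist for the example: an SSRF filter that refuses the
# private 10.0.0.0/8 range.
BLOCKED = [ipaddress.ip_network("10.0.0.0/8")]

# Pre-fix behaviour modelled here (illustrative, not Django's regex): an octet
# is any 1-3 digits and is read in base 10, so "012" is taken to mean 12.
LENIENT_OCTET = r"(?:\d{1,3})"
LENIENT_IPV4 = re.compile(rf"^{LENIENT_OCTET}(?:\.{LENIENT_OCTET}){{3}}$")

# Hardened pattern: 0-255 per octet, and a multi-digit octet may not start
# with 0, so there is no string whose octal and decimal readings differ.
STRICT_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)"
STRICT_IPV4 = re.compile(rf"^{STRICT_OCTET}(?:\.{STRICT_OCTET}){{3}}$")


def lenient_ipv4(value: str):
    """Return the address as a lenient validator believes it to be, or None."""
    if not LENIENT_IPV4.match(value):
        return None
    octets = [int(o, 10) for o in value.split(".")]
    if any(o > 255 for o in octets):
        return None
    # Rebuild from the decimal ints so ipaddress never sees the leading zero.
    return ipaddress.IPv4Address(".".join(str(o) for o in octets))


def strict_ipv4(value: str):
    """Return the address only if it has no leading-zero octets, else None."""
    if not STRICT_IPV4.match(value):
        return None
    return ipaddress.IPv4Address(value)


def resolver_view(value: str) -> str:
    """What the socket layer actually connects to: inet_aton() parses a
    leading 0 as octal (and 0x as hex), unlike the decimal validator."""
    return str(ipaddress.IPv4Address(socket.inet_aton(value)))


def allowed_by(validator, value: str) -> bool:
    """Access-control decision: valid address and not in the blocklist."""
    addr = validator(value)
    return addr is not None and not any(addr in net for net in BLOCKED)


if __name__ == "__main__":
    probe = "012.0.0.1"  # constructed attacker input
    print("lenient validator sees :", lenient_ipv4(probe))   # 12.0.0.1
    print("inet_aton connects to  :", resolver_view(probe))  # 10.0.0.1
    print("lenient filter allows  :", allowed_by(lenient_ipv4, probe))
    print("strict filter allows   :", allowed_by(strict_ipv4, probe))
```

The same gap applies to "0x0a.0.0.1"-style hex octets, which a digits-only validator rejects anyway; the octal form is the dangerous one because it passes a decimal validator and is silently reinterpreted underneath it.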
UBUNTU-CVE-2021-29510
Pydantic is a data validation and settings management library using Python type hinting. In affected versions, passing either 'infinity', 'inf' or float('inf') (or their negatives) to datetime or date fields causes validation to run forever with 100% CPU usage on one CPU. Pydantic has been patched with fixes...
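The failure mode above, reproduced in plain Python as an added example (this is not pydantic's code, and the loop shape is an assumption about how a numeric-timestamp normaliser can hang): a parser that divides an oversized number by 1000 until it looks like seconds never terminates on inf, because inf / 1000 is still inf, and float('infinity') and float('-inf') both produce it. The hardened version rejects non-finite input first and bounds the loop. MS_WATERSHED and the sample timestamps are constructed for the demonstration.

```python
import math
from datetime import datetime, timezone

# Constructed threshold: numbers above it are treated as milliseconds
# (then microseconds) rather than seconds, as lenient timestamp parsers do.
MS_WATERSHED = 2e10


def normalise_seconds_unsafe(value: float) -> float:
    """Vulnerable shape: scale down until the value fits the watershed.
    With value = inf the condition never becomes false (do not call with inf)."""
    while abs(value) > MS_WATERSHED:
        value /= 1000
    return value


def normalise_seconds_safe(value: float) -> float:
    """Reject inf/-inf/nan up front, then allow at most two scale-downs
    (seconds -> ms -> us) so a huge finite value cannot spin either."""
    if not math.isfinite(value):
        raise ValueError(f"non-finite timestamp rejected: {value!r}")
    for _ in range(2):
        if abs(value) <= MS_WATERSHED:
            return value
        value /= 1000
    raise ValueError(f"timestamp out of range: {value!r}")


def parse_datetime_safe(raw) -> datetime:
    """Accept an int/float or numeric string and return an aware UTC datetime.
    float() happily turns 'inf', 'infinity' and '-inf' into infinities, which
    is exactly why the finiteness check must come before any arithmetic."""
    seconds = normalise_seconds_safe(float(raw))
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def rejects(raw) -> bool:
    """True if parse_datetime_safe() refuses the input with ValueError."""
    try:
        parse_datetime_safe(raw)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(parse_datetime_safe("1600000000"))       # 2020-09-13 12:26:40+00:00
    print(parse_datetime_safe(1_600_000_000_000))  # same instant, given in ms
    for bad in ("inf", "infinity", "-inf", "nan", float("inf")):
        print(f"{bad!r:>12} rejected: {rejects(bad)}")
```

A guard of this kind belongs at the boundary where untrusted input is coerced to float, before any loop or division that assumes the value is finite; relying on datetime.fromtimestamp() to raise OverflowError comes too late if the hang happens in the normalisation step before it.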
GHSA-CF2X-RQC8-GRFQ Regular expression denial of service in express-validators
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid URLs...
@myticketing/common (>=1.0.3 <=1.0.5), @pavtickets/common (=1.0.2) potentially affected by CVE-2020-7767 via express-validators (=1.0.4)
express-validators (npm) version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on express-validators and may be impacted: - @myticketing/common =1.0.3, =1.0.5 - @pavtickets/common =1.0.2. Source CVEs: CVE-2020-7767. Source advisory:...